[openssl-users] Verifying RSA-SHA1 signature?

Nikolay Kudryavtsev nikolay.kudryavtsev at gmail.com
Mon Sep 12 17:07:44 UTC 2016

I have some data that was signed with RSA-SHA1 

What's the proper way of verifying that data with a signature?

The signature is base64 encoded, so first I do:
openssl enc -d -A -base64 -in signature.txt -out signature.sha1
Then I do:
openssl dgst -verify pubkey.pem -signature signature.sha1 datafile.txt
openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1 datafile.txt
Either of those fails with:
Verification Failure

Whenever I try to verify data signed with my own key, everything works. 
But for that data that I got from a third party nothing works. That 
third party is adamant that the signature is correct and it's RSA_SHA1, 
but they've been unwilling to explain the details on how they sign it 
and what they use to verify.

So what are the proper way of dealing with this?

Best Regards,
Nikolay Kudryavtsev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160912/9468b00f/attachment.html>

More information about the openssl-users mailing list